To verify my public key, please send an e-mail to kurt dot padilla at gmail dot com with "FF7E7CCD" in the subject and "bitcoin" in the body text. You'll then receive a signed response referring to this post.

I've received a few responses referring to this post, but all of them were unsigned…

I've now received a bunch of signed messages. The showstopper now is that they've been converted to HTML after signing:

2. Get the Enigmail extension. It's by far the easiest way to encrypt or sign mail in Thunderbird.

Yes I have Enigmail and it's worked well for signing and encrypting messages for me. However, when Thunderbird replies with a template, it doesn't sign it. When I sign a message in my text editor, and then paste it into a compose window, the PGP bits disappear leaving only the message. Not sure what's going on here.

I have a couple of really basic questions. First, I'm no longer sure what it means to "sign" someone else's key. After verifying an email address like Ian's for example and then verifying the signature sent from that address, should I really just copy everything from

-----BEGIN PGP SIGNATURE----- to-----END PGP SIGNATURE-----

and sign it the same way I would use my own signature to sign a message of my own? And if I do, what then? How does that indicate my acceptance of the other person's claims?

Second, when I look at my own key in GPA, it says;

The key has both a private and a public partThe key can be used for certification and signing, but not for encryption.

Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet.

You need a public and private part for signatures as well as encryption---a private part you use to sign, and a public part others use to verify the signature.

Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)

Jason: What software are you using? If you use the command-line GPG, by default it will generate keys that can be used for encryption. But if you're using Cryptophane for example, by default it generates signature-only keys. Unfortunately I haven't found the perfect Windows GUI frontend for GPG yet.

I used GPG from the command line on OSX to generate the keys. Since then, I've installed Thunderbird and Enigmail on Ubuntu and I've finally gotten Penango to work with Firefox on OSX.

Anyway, if you have my public key, in most software signing it will mean right-clicking it and clicking "Sign". Then at some point you'd re-upload the key to the server, with your signature on it. By doing this you're vouching that that the name and email address attached to the key are accurate.

By [signing someone's public key this way] you're vouching that that the name and email address attached to the key are accurate. (I haven't actually proven that the name is accurate, but if you really wanted I could try and scan an ID or something.)

Some nerds at IRL keysigning parties demand that you show photo id (e.g., passport or driver's license). IMHO that means that they're verifying the person's identity. However, for me person != email address, so I'm happy to know that the key is associated with the email address it claims to represent. This is what we're doing here.

Sure. Thanks for the help guys. Penango on Firefox seems to be missing some features and Ian is right when he says the easiest way to use Enigmail with TB. I signed his key and uploaded it to a server as I will with others' here.

I'm Jason Keith. One of many it seems and although you won't find me on the first couple of pages of a Google search, you can reach me at jasonkeith@gmail.com. My fingerprint isE936 B8CB 8537 02A1 144E FFB0 BBF5 676B 15DD FC58 Send me an email with 15DDFC58 and Bitcoin in the subject and I'll get back to you.

Tip: You can set up a canned response so that a signed email pointing to e.g. your instruction message in this thread is returned automagically to those who send en email with this in the subject and that in the body.

Thanks Klaus. I realised that just as I looked back over what everybody else in the thread seems to have done. It's 3:30 in the morning here now and I'm gonna get some sleep before I come back and make a bigger fool of myself. Thanks again for the help all.BTW Klaus, I verified and signed your key as well. I"ll get around to everybody else tomorrow.